diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index ce44efa..c0144c9 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -4,23 +4,15 @@
     ./hardware-configuration.nix
     ./disk-config.nix
     ../../nixos/server.nix
+    ./nginx.nix
+    ./taskd.nix
   ];
 
-  services.nginx = {
-    enable = true;
-    virtualHosts."henri-saudubray.fr" = {
-      enableACME = true;
-      # forceSSL = true;
-      root = "/var/www/html";
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "henri.saudubray@proton.me";
-  };
+  networking.firewall.allowedTCPPorts = [
+    80 # HTTP (nginx)
+    443 # HTTPS (nginx)
+    53589 # Taskserver
+  ];
 
   networking.hostName = "mystra";
   system.stateVersion = "25.11";
diff --git a/hosts/mystra/nginx.nix b/hosts/mystra/nginx.nix
new file mode 100644
index 0000000..629367e
--- /dev/null
+++ b/hosts/mystra/nginx.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+  services.nginx = {
+    enable = true;
+    virtualHosts."henri-saudubray.fr" = {
+      enableACME = true;
+      # forceSSL = true;
+      root = "/var/www/html";
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "henri.saudubray@proton.me";
+  };
+}
diff --git a/hosts/mystra/taskd.nix b/hosts/mystra/taskd.nix
new file mode 100644
index 0000000..bc06cef
--- /dev/null
+++ b/hosts/mystra/taskd.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+  services.taskserver = {
+    enable = true;
+    fqdn = "henri-saudubray.fr";
+    listenHost = "::";
+    organisations.personal.users = [ "hms" ];
+  };
+}